
Hey bofh, so when is this tutorial being unleashed? You are talking about hydra stuff and all this but I did not find them in your zip. Have you dished out another tutorial in between? But great work educating people, keep going and THANKS loads.

So when do we get to read your latest work? Fingers crossed... waiting for it.

To borrow a phrase: it will be posted when it is ready and not before. I have been working on getting crunch into the 21st century. I finished version 1.5 and had a feature request shortly after. I am about 2/3 done with the request. Once 1.6 is done I think crunch will be a much more powerful tool than the original 1.0 version. It should be good until I get another feature request or a bug report shows up. I will try to shoot for the end of the month for the next version of the password cracking guide.

Hey bofh, so when is this tutorial being unleashed? You are talking about hydra stuff and all this but I did not find them in your zip. Have you dished out another tutorial in between? But great work educating people, keep going and THANKS loads.

Section 8.1.1 of version 0.8 covers hydra stuff. If I left something out please let me know.

No problem with that. Metasploit is more for a full book if you want to cover it, and it is always changing. I had the same idea about showing only the hash extraction; if you need any help with that section send me a PM, I would be more than glad to help. I have hardly tested hydra, medusa, brutus or any other against consumer-based routers; I was referring more to Juniper, Cisco and Nortel ones. Those have very good brute force mitigation controls in them, but admins hardly implement them, and junior-level pentesters, or people who think they are, sell a service to a client for peanuts and they get what they pay for.

Originally Posted by bofh28

Thank you. I have seen (and done) that too. However, you also have to blame the router manufacturer sometimes. I have this old D-Link wireless router that just locks up if you use hydra or medusa on it. Even with the proper and very conservative settings the router dies. It is a firmware issue, as we have 3 of these routers and they all exhibit this behavior. However, the routers are so old they are no longer supported, and open firmware (dd-wrt) can't run on them as they only have 2MB of flash.

I am not familiar with meterpreter. (A quick google later.) OK, it is a part of Metasploit. Metasploit is a very powerful framework. When I decided to write this guide I made one thing very clear to myself: I will only cover password cracking AFTER compromise. I would not show anyone how to exploit a system and then extract the password hashes. If I cover hashdump it will be from the point after the system has been compromised. I won't cover how to break into a system. There are already many other guides and threads that cover how to break into a system.

It is a fine line I am trying to walk (especially since I am starting to write the section about remotely extracting the hashes). I don't want to turn my guide into a step-by-step guide on how to hack into something that any technologically illiterate person could use to do something bad. Yes, my guide is step by step, but I try to educate the user along the way. I try to make them understand what they are doing and why.

It took a lot longer than I had wanted but here is the latest version of the password cracking guide. As usual if you have questions, problems, or if I got something wrong/left something out please let me know.